State of affairs Blackboard security

State of affairs: Blackboard security

At the end of 2010, a report published by the Dutch company Online24 made clear that there were a number of security leaks in Blackboard. Since then the Blackboard company has paid a lot more attention to security and the detected security problems have been resolved faster in the past two years than in previous years.

To test the quality of the security of the most recent Blackboard version, security experts at some Dutch universities (including the UT) started an investigation at the end of December 2012. On the whole, the following can be concluded from the investigation: many of the known leaks have been fixed, but a skilled and well-informed person could still hack Blackboard and alter data that could normally only be changed by an instructor. This would require a lot of effort, so the chances of such an event actually taking place in the UT Blackboard environment are deemed small.

However, it is not possible to guarantee with absolute certainty that the content of Blackboard is completely protected and unalterable by persons without the necessary permissions in Blackboard.

It is therefore advised:

1.Not to use Blackboard for the registration of grades that are part of the official final grade of a course. (Partial) grades can be published in Blackboard if registered elsewhere. For example, instructors can register partial grades in Excel and upload this Excel sheet to the Blackboard Grade Center. This video can be watched for instruction purposes.

2.Not to use Blackboard for the registration of privacy-sensitive (personal) information. This includes the use of Blackboard-organizations for various purposes.

3.To let programme boards point out to students that no rights can be derived from grades registered in Blackboard. The aim is also to implement this in the new EER.

Naturally S&O and ITCS are cooperating with the Blackboard supplier to make and keep Blackboard as safe as possible.